Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X
Hallo.
I would like to connect my Thingworx platform 7.2 with a MQTT broker in a secure mode SSL TLS.
I’m using ActiveMQ 5.3 as MQTT broker and MQTT Thingworx extension as connector.
I successfully tested the connection without SSL mode.
However, I could not implement secure mode connection.
→ I have made two changes to activemq.xml file.
a) Instead of line
<transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>,
I used
<transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:8883?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>
b) I added
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/activemq.ks"
keyStorePassword="password"
trustStore="file:${activemq.base}/conf/activemq.ts"
trustStorePassword="password" />
</sslContext>
→ I tested Activemq server with MQTT.fx client tool. I could connect in SSL/TLS mode, with TLSv2 protocol option and CA certificate keystore option, by importing the certificate broker client I made in keystore for MQTT.
My questions.
1) Is my ActiveMQ configuration proper?
2) Where should I put the broker client certificate in Thingworx side?
3) Perhaps the MQTT Thingworx extension uses Tomcat to communicate to ActiveMQ broker? Following this assumption I modified the server.xml file of Tomcat configuration.
Below there is one of my unsuccessful tests:
a) I added this connector
<Connector
port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="true"
sslProtocol="TLS"
enableLookups="false"
keystoreFile="conf/tomcat.ks" keystorePass="password"
truststoreFile="conf/tomcat.ts" truststorePass="password"
>
</Connector>
Tomcat.ks is a keystore containing the certificate I generated for the broker clients.
Tomcat.ts is a keystore containing the certificate I generated for the broker.
I removed this line
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
4) Instead of MQTT Thingworx extension, it is possible to use ActiveMQ extension for a secure SSL/TLS connection throw ActiveMQ?
Thank you for your attention.
Best regards,
Sergio Marino
Hi Sergio,
This might not answer your questions but have tried using the MQTT extension from the ThingWorx Marketplace ThingWorx IoT Marketplace ?
Best Regards,
Amine
Hi Amine.
Thank you for your replay.
My question is about MQTT extension of Thingworx marketplace.
Best regards,
Sergio
Hi Bruce.
I apologize for my delay.
I wanted to try your suggestions before answering.
Because I was involved in other tasks too, meanwhile, thank you very much.
Sergio